In my defense, I actually dozed off at my desk. It's been a long weekend, with an exceptionally late and well-served night at the ball game. Ok, not an excuse, but anyway...
I woke up looking at a very legitimate-looking email from a very legitimate-looking email address "confirming" that my name has been changed in my apple ID account. This included a link to click in case I didn't make the name change. Right after that, there was another email saying the same thing. My name and apple ID were correct. I looked at the time stamp and it was about 10 min earlier. In my Sunday afternoon daze, I clicked on the link which took me to what appeared to be the Apple ID page. I proceeded to change my password there, on mental cruise control. I got an immediate notification on my phone for two-step verification. I also got a notification on-screen about how icloud was no longer accessible or whatever, which required a change to the password in my settings too.
I got up to mental speed around this time and realized I likely fell into something foul. I quickly opened a different browser and returned to the apple id page to change my password again. I went through the same two-step verification processes one goes through every time passwords are changed. I ran the free Malwarebytes scan which found no problems. I forwarded the emails to reportphishing@apple.com. I've been keeping an eye on the network monitor of iStat menus, with no apparent odd activity. ExpressVPN is running.
I'm not sure what else I should be doing or checking - any suggestions? Curiously, I got this notification from iTunes after the second time I reset the password.
I'm not sure if that is due to me not updating the new password across all affected apps or what, but I wasn't "requesting" anything. I don't even remember if iTunes was opened or not. FWIW, I've never fallen for one of these before - generally quite easy to sniff them out. And no, never click on a link purporting some security problem, especially from any site with your financial interest. As I mentioned, I'm chalking it up to the still-half-asleep befuddlement, and moving on. I just want to make sure I've put out all the fires, or making sure no more start.
I woke up looking at a very legitimate-looking email from a very legitimate-looking email address "confirming" that my name has been changed in my apple ID account. This included a link to click in case I didn't make the name change. Right after that, there was another email saying the same thing. My name and apple ID were correct. I looked at the time stamp and it was about 10 min earlier. In my Sunday afternoon daze, I clicked on the link which took me to what appeared to be the Apple ID page. I proceeded to change my password there, on mental cruise control. I got an immediate notification on my phone for two-step verification. I also got a notification on-screen about how icloud was no longer accessible or whatever, which required a change to the password in my settings too.
I got up to mental speed around this time and realized I likely fell into something foul. I quickly opened a different browser and returned to the apple id page to change my password again. I went through the same two-step verification processes one goes through every time passwords are changed. I ran the free Malwarebytes scan which found no problems. I forwarded the emails to reportphishing@apple.com. I've been keeping an eye on the network monitor of iStat menus, with no apparent odd activity. ExpressVPN is running.
I'm not sure what else I should be doing or checking - any suggestions? Curiously, I got this notification from iTunes after the second time I reset the password.
I'm not sure if that is due to me not updating the new password across all affected apps or what, but I wasn't "requesting" anything. I don't even remember if iTunes was opened or not. FWIW, I've never fallen for one of these before - generally quite easy to sniff them out. And no, never click on a link purporting some security problem, especially from any site with your financial interest. As I mentioned, I'm chalking it up to the still-half-asleep befuddlement, and moving on. I just want to make sure I've put out all the fires, or making sure no more start.
